SAA-C02 Exam Dumps - AWS Certified Solutions Architect - Associate (SAA-C02)

Question # 4

A news company that has reporters all over the world is hosting its broadcast system on AWS. The reporters send live broadcasts to the broadcast system. The reporters use software on their phones to send live streams through the Real Time Messaging Protocol (RTMP).

A solutions architect must design a solution that gives the reporters the ability to send the highest quality streams. The solution must provide accelerated TCP connections back to the broadcast system.

What should the solutions architect use to meet these requirements?

A.

Amazon CloudFront

B.

AWS Global Accelerator

C.

AWS Client VPN

D.

Amazon EC2 instances and AWS Elastic IP addresses

Question # 5

An entertainment company is using Amazon DynamoDB to store media metadata. The application is read intensive and experiences delays. The company does not have staff to handle additional operational overhead and needs to improve the performance efficiency of DynamoDB without reconfiguring the application.

What should a solutions architect recommend to meet this requirement?

A.

Use Amazon ElastiCache for Redis

B.

Use Amazon DynamoDB Accelerator (DAX).

C.

Replicate data by using DynamoDB global tables

D.

Use Amazon ElastiCache for Memcached with Auto Discovery enabled

Question # 6

A company requires that all versions of objects in its Amazon S3 bucket be retained. Current object versions will be frequently accessed during the first 30 days, after which they will be rarely accessed and must be retrievable within 5 minutes. Previous object versions need to be kept forever, will be rarely accessed, and can be retrieved within 1 week. All storage solutions must be highly available and highly durable.

What should a solutions architect recommend to meet these requirements in the MOST cost-effective manner?

A.

Create an S3 lifecycle policy for the bucket that moves current object versions from S3 Standard storage to S3 Glacier after 30 days and moves previous object versions to S3 Glacier after 1 day.

B.

Create an S3 lifecycle policy for the bucket that moves current object versions from S3 Standard storage to S3 Glacier after 30 days and moves previous object versions to S3 Glacier Deep Archive after 1 day.

C.

Create an S3 lifecycle policy for the bucket that moves current object versions from S3 Standard storage to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days and moves previous object versions to S3 Glacier Deep Archive after 1 day.

D.

Create an S3 lifecycle policy for the bucket that moves current object versions from S3 Standard storage to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days and moves previous object versions to S3 Glacier Deep Archive after 1 day

Question # 7

A company has primary and secondary data centers that are 500 miles (804.7 km) apart and interconnected with high-speed fiber-optic cable. The company needs a highly available and secure network connection between its data centers and a VPC on AWS for a mission-critical workload. A solutions architect must choose a connection solution that provides maximum resiliency. Which solution meets these requirements?

A.

Two AWS Direct Connect connections from the primary data center terminating at two Direct Connect locations on two separate devices

B.

A single AWS Direct Connect connection from each of the primary and secondary data centers terminating at one Direct Connect location on the same device

C.

Two AWS Direct Connect connections from each of the primary and secondary data centers terminating at two Direct Connect locations on two separate devices

D.

A single AWS Direct Connect connection from each of the primary and secondary data centers terminating at one Direct Connect location on two separate devices

Question # 8

A company uses Amazon S3 to store its confidential audit documents. The S3 bucket uses bucket policies to restrict access to audit team IAM user credentials according to the principle of least privilege. Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution.

What should a solutions architect do to secure the audit documents?

A.

Enable the versioning and MFA Delete features on the S3 bucket.

B.

Enable multi-factor authentication (MFA) on the IAM user credentials for each audit team IAM user account.

C.

Add an S3 Lifecycle policy to the audit team's IAM user accounts to deny the s3:DeleteObject action during audit dates.

D.

Use AWS Key Management Service (AWS KMS) to encrypt the S3 bucket and restrict audit team IAM user accounts from accessing the KMS key.

Question # 9

A company is running an application on AWS to process weather sensor data that is stored in an Amazon S3 bucket. Three batch jobs run hourly to process the data in the S3 bucket for different purposes. The company wants to reduce the overall processing time by running the three applications in parallel using an event-based approach.

What should a solutions architect do to meet these requirements?

A.

Enable S3 Event Notifications for new objects to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Subscribe all applications to the queue for processing.

B.

Enable S3 Event Notifications for new objects to an Amazon Simple Queue Service (Amazon SQS) standard queue. Create an additional SQS queue for all applications, and subscribe all applications to the initial queue for processing.

C.

Enable S3 Event Notifications for new objects to separate Amazon Simple Queue Service (Amazon SQS) FIFO queues. Create an additional SQS queue for each application, and subscribe each queue to the initial topic for processing.

D.

Enable S3 Event Notifications for new objects to an Amazon Simple Notification Service (Amazon SNS) topic. Create an Amazon Simple Queue Service (Amazon SQS) queue for each application, and subscribe each queue to the topic for processing.

Question # 10

A company runs an online marketplace web application on AWS. The application serves hundreds of thousands of users during peak hours. The company needs a scalable, near-real-time solution to share the details of millions of financial transactions with several other internal applications. Transactions also need to be processed to remove sensitive data before being stored in a document database for low-latency retrieval.

What should a solutions architect recommend to meet these requirements?

A.

Store the transactions data into Amazon DynamoDB. Set up a rule in DynamoDB to remove sensitive data from every transaction upon write. Use DynamoDB Streams to share the transactions data with other applications.

B.

Stream the transactions data into Amazon Kinesis Data Firehose to store data in Amazon DynamoDB and Amazon S3. Use AWS Lambda integration with Kinesis Data Firehose to remove sensitive data. Other applications can consume the data stored in Amazon S3.

C.

Stream the transactions data into Amazon Kinesis Data Streams. Use AWS Lambda integration to remove sensitive data from every transaction and then store the transactions data in Amazon DynamoDB. Other applications can consume the transactions data off the Kinesis data stream.

D.

Store the batched transactions data in Amazon S3 as files. Use AWS Lambda to process every file and remove sensitive data before updating the files in Amazon S3. The Lambda function then stores the data in Amazon DynamoDB. Other applications can consume transaction files stored in Amazon S3.

Question # 11

A database is on an Amazon RDS MySQL 5.6 Multi-AZ DB instance that experiences highly dynamic reads. Application developers notice a significant slowdown when testing read performance from a secondary AWS Region. The developers want a solution that provides less than 1 second of read replication latency.

What should the solutions architect recommend?

A.

Install MySQL on Amazon EC2 in the secondary Region

B.

Migrate the database to Amazon Aurora with cross-Region replicas.

C.

Create another RDS for MySQL read replica in the secondary Region

D.

Implement Amazon ElastiCache to improve database query performance

Question # 12

A solutions architect is implementing a document review application using an Amazon S3 bucket for storage. The solution must prevent accidental deletion of the documents and ensure that all versions of the documents are available. Users must be able to download, modify, and upload documents.

Which combination of actions should be taken to meet these requirements? (Select TWO.)

A.

Enable a read-only bucket ACL

B.

Enable versioning on the bucket.

C.

Attach an IAM policy to the bucket

D.

Enable MFA Delete on the bucket.

E.

Encrypt the bucket using AWS KMS.

Question # 13

A company wants to build a scalable key management infrastructure to support developers who need to encrypt data in their applications.

What should a solutions architect do to reduce the operational burden?

A.

Use multifactor authentication (MFA) to protect the encryption keys.

B.

Use AWS Key Management Service (AWS KMS) to protect the encryption keys

C.

Use AWS Certificate Manager (ACM) to create, store, and assign the encryption keys

D.

Use an IAM policy to limit the scope of users who have access permissions to protect the encryption keys

Question # 14

A company runs an application on an Amazon EC2 instance backed by Amazon Elastic Block Store (Amazon EBS). The instance needs to be available for 12 hours daily. The company wants to save costs by making the instance unavailable outside the window required for the application. However, the contents of the memory must be preserved whenever the instance is unavailable.

What should a solutions architect do to meet this requirement?

A.

Stop the instance outside the application's availability window. Start up the instance again when required.

B.

Hibernate the instance outside the application's availability window. Start up the instance again when required.

C.

Use Auto Scaling to scale down the instance outside the application's availability window. Scale up the instance when required.

D.

Terminate the instance outside the application's availability window. Launch the instance by using a preconfigured Amazon Machine Image (AMI) when required.

Question # 15

As part of budget planning, management wants a report of AWS billed items listed by user. The data will be used to create department budgets. A solutions architect needs to determine the most efficient way to obtain this report information.

Which solution meets these requirements?

A.

Run a query with Amazon Athena to generate the report.

B.

Create a report in Cost Explorer and download the report

C.

Access the bill details from the billing dashboard and download via bill.

D.

Modify a cost budget in AWS Budgets to alert with Amazon Simple Email Service (Amazon SES).

Question # 16

A company hosts a popular website in the AWS Cloud. A solutions architect needs to provide reports about user click behaviour in near-real time as users navigate the website.

Which solution will meet this requirement?

A.

Store the clickstream data in Amazon DynamoDB. Deploy an application that runs on AWS Elastic Beanstalk to process and analyze the data.

B.

Push the clickstream data from each session to an Amazon Kinesis data stream. Analyze the data by using Amazon Kinesis Data Analytics.

C.

Store the clickstream data in an Amazon S3 bucket. Order the data by timestamp. Process the data with an AWS Lambda function that is subscribed to object creation events on the S3 bucket.

D.

Forward the clickstream data to Amazon Simple Queue Service (Amazon SQS). Store the data in an Amazon RDS for MySQL DB instance. Deploy Amazon EC2 instances to process and analyze the data.

Question # 17

A company runs a fleet of web servers using an Amazon RDS for PostgreSQL DB instance. After a routine compliance check, the company sets a standard that requires a recovery point objective (RPO) of less than 1 second for all its production databases.

Which solution meets these requirements?

A.

Enable a Multi-AZ deployment for the DB instance.

B.

Enable auto scaling for the DB instance in one Availability Zone.

C.

Configure the DB instance in one Availability Zone and create multiple read replicas in a separate Availability Zone.

D.

Configure the DB instance in one Availability Zone, and configure AWS Database Migration Service (AWS DMS) change data capture (CDC) tasks.

Question # 18

A solutions architect is designing the storage architecture for a new web application used for storing and viewing engineering drawings. All application components will be deployed on the AWS infrastructure.

The application design must support caching to minimize the amount of time that users wait for the engineering drawings to load. The application must be able to store petabytes of data.

Which combination of storage and caching should the solutions architect use?

A.

Amazon S3 with Amazon CloudFront

B.

Amazon S3 Glacier with Amazon ElastiCache

C.

Amazon Elastic Block Store (Amazon EBS) volumes with Amazon CloudFront

D.

AWS Storage Gateway with Amazon ElastiCache

Question # 19

A company has an application that uses an Amazon DynamoDB table for storage. A solutions architect discovers that many requests to the table are not returning the latest data. The company's users have not reported any other issues with database performance. Latency is in an acceptable range.

Which design change should the solutions architect recommend?

A.

Add read replicas to the table.

B.

Use a global secondary index (GSI).

C.

Request strongly consistent reads for the table

D.

Request eventually consistent reads for the table.

Question # 20

A company has an Amazon S3 bucket that contains confidential information in its production AWS account. The company has turned on AWS CloudTrail for the account. The account sends a copy of its logs to Amazon CloudWatch Logs. The company has configured the S3 bucket to log read and write data events.

A company auditor discovers that some objects in the S3 bucket have been deleted. A solutions architect must provide the auditor with information about who deleted the objects.

What should the solutions architect do to provide this information?

A.

Create a CloudWatch Logs filter to extract the S3 write API calls against the S3 bucket.

B.

Query the CloudTrail logs with Amazon Athena to identify the S3 write API calls against the S3 bucket.

C.

Use AWS Trusted Advisor to perform security checks for S3 write API calls that deleted the content.

D.

Use AWS Config to track configuration changes on the S3 bucket. Use these details to track the S3 write API calls that deleted the content.

Question # 21

A solutions architect is optimizing a website for an upcoming musical event. Videos of the performances will be streamed in real time and then will be available on demand. The event is expected to attract a global online audience.

Which service will improve the performance of both the real-time and on-demand streaming?

A.

Amazon CloudFront

B.

AWS Global Accelerator

C.

Amazon Route 53

D.

Amazon S3 Transfer Acceleration

Question # 22

A company has hired an external vendor to perform work in the company's AWS account. The vendor uses an automated tool that is hosted in an AWS account that the vendor owns. The vendor does not have IAM access to the company's AWS account.

How should a solutions architect grant this access to the vendor?

A.

Create an IAM role in the company's account to delegate access to the vendor's IAM role. Attach the appropriate IAM policies to the role for the permissions that the vendor requires.

B.

Create an IAM user in the company's account with a password that meets the password complexity requirements. Attach the appropriate IAM policies to the user for the permissions that the vendor requires.

C.

Create an IAM group in the company's account. Add the tool's IAM user from the vendor account to the group. Attach the appropriate IAM policies to the group for the permissions that the vendor requires.

D.

Create a new identity provider by choosing "AWS account" as the provider type in the IAM console. Supply the vendor's AWS account ID and user name. Attach the appropriate IAM policies to the new provider for the permissions that the vendor requires.

Question # 23

A company maintains about 300 TB in Amazon S3 Standard storage month after month. The S3 objects are each typically around 50 GB in size and are frequently replaced with multipart uploads by their global application. The number and size of S3 objects remain constant, but the company's S3 storage costs are increasing each month.

How should a solutions architect reduce costs in this situation?

A.

Switch from multipart uploads to Amazon S3 Transfer Acceleration

B.

Enable an S3 Lifecycle policy that deletes incomplete multipart uploads

C.

Configure S3 inventory to prevent objects from being archived too quickly

D.

Configure Amazon CloudFront to reduce the number of objects stored in Amazon S3

Question # 24

A company stores user data in AWS. The data is used continuously with peak usage during business hours. Access patterns vary, with some data not being used for months at a time. A solutions architect must choose a cost-effective solution that maintains the highest level of durability while maintaining high availability.

Which storage solution meets these requirements?

A.

Amazon S3 Standard

B.

Amazon S3 Intelligent-Tiering

C.

Amazon S3 Glacier Deep Archive

D.

Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)

Question # 25

A company has a production web application in which users upload documents through a web interface or a mobile app. According to a new regulatory requirement, new documents cannot be modified or deleted after they are stored.

What should a solutions architect do to meet this requirement?

A.

Store the uploaded documents in an Amazon S3 bucket with S3 Versioning and S3 Object Lock enabled

B.

Store the uploaded documents in an Amazon S3 bucket. Configure an S3 Lifecycle policy to archive the documents periodically.

C.

Store the uploaded documents in an Amazon S3 bucket with S3 Versioning enabled. Configure an ACL to restrict all access to read-only.

D.

Store the uploaded documents on an Amazon Elastic File System (Amazon EFS) volume. Access the data by mounting the volume in read-only mode.

Question # 26

A company plans to store sensitive user data on Amazon S3. Internal security compliance requirements mandate encryption of data before sending it to Amazon S3.

What should a solutions architect recommend to satisfy these requirements?

A.

Server-side encryption with customer-provided encryption keys.

B.

Client-side encryption with Amazon S3 managed encryption keys.

C.

Server-side encryption with keys stored in AWS Key Management Service (AWS KMS)

D.

Server-side encryption with a master key stored in AWS Key Management Service (AWS KMS)

Question # 27

A company's application is running on Amazon EC2 instances within an Auto Scaling group behind an Elastic Load Balancer. Based on the application's history, the company anticipates a spike in traffic during a holiday each year. A solutions architect must design a strategy to ensure that the Auto Scaling group proactively increases capacity to minimize any performance impact on application users.

Which solution will meet these requirements?

A.

Create an Amazon CloudWatch alarm to scale up the EC2 instances when CPU utilization exceeds 90%

B.

Create a recurring scheduled action to scale up the Auto Scaling group before the expected period of peak demand

C.

Increase the minimum and maximum number of EC2 instances in the Auto Scaling group during the peak demand period

D.

Configure an Amazon Simple Notification Service (Amazon SNS) notification to send alerts when there are autoscaling EC2_INSTANCE_LAUNCH events

Question # 28

A solutions architect needs to design a highly available application consisting of web, application, and database tiers. HTTPS content delivery should be as close to the edge as possible with the least delivery time.

Which solution meets these requirements and is MOST secure?

A.

Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in public subnets. Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin.

B.

Configure a public Application Load Balancer with multiple redundant Amazon EC2 instances in private subnets. Configure Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin.

C.

Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in private subnets. Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin.

D.

Configure a public Application Load Balancer with multiple redundant Amazon EC2 instances in public subnets. Configure Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin.

Question # 29

A company recently launched Linux-based application instances on Amazon EC2 in a private subnet and launched a Linux-based bastion host on an Amazon EC2 instance in a public subnet of a VPC. A solutions architect needs to connect from the on-premises network, through the company's internet connection, to the bastion host and to the application servers. The solutions architect must make sure that the security groups of all the EC2 instances will allow that access.

Which combination of steps should the solutions architect take to meet these requirements? (Select TWO)

A.

Replace the current security group of the bastion host with one that only allows inbound access from the application instances

B.

Replace the current security group of the bastion host with one that only allows inbound access from the internal IP range for the company

C.

Replace the current security group of the bastion host with one that only allows inbound access from the external IP range for the company

D.

Replace the current security group of the application instances with one that allows inbound SSH access from only the private IP address of the bastion host

E.

Replace the current security group of the application instances with one that allows inbound SSH access from only the public IP address of the bastion host

Question # 30

A company has established a new AWS account. The account is newly provisioned and no changes have been made to the default settings. The company is concerned about the security of the AWS account root user.

What should be done to secure the root user?

A.

Create IAM users for daily administrative tasks. Disable the root user.

B.

Create IAM users for daily administrative tasks. Enable multi-factor authentication on the root user.

C.

Generate an access key for the root user. Use the access key for daily administration tasks instead of the AWS Management Console.

D.

Provide the root user credentials to the most senior solutions architect. Have the solutions architect use the root user for daily administration tasks.

Question # 31

A solutions architect is deploying a distributed database on multiple Amazon EC2 instances. The database stores all data on multiple instances so it can withstand the loss of an instance. The database requires block storage with latency and throughput to support several million transactions per second per server.

Which storage solution should the solutions architect use?

A.

Amazon EBS

B.

Amazon EC2 instance store

C.

Amazon EFS

D.

Amazon S3

Question # 32

A company sells datasets to customers who do research in artificial intelligence and machine learning (AI/ML). The datasets are large, formatted files that are stored in an Amazon S3 bucket in the us-east-1 Region. The company hosts a web application that the customers use to purchase access to a given dataset. The web application is deployed on multiple Amazon EC2 instances behind an Application Load Balancer. After a purchase is made, customers receive an S3 signed URL that allows access to the files.

The customers are distributed across North America and Europe. The company wants to reduce the cost that is associated with data transfers and wants to maintain or improve performance.

What should a solutions architect do to meet these requirements?

A.

Configure S3 Transfer Acceleration on the existing S3 bucket. Direct customer requests to the S3 Transfer Acceleration endpoint. Continue to use S3 signed URLs for access control.

B.

Deploy an Amazon CloudFront distribution with the existing S3 bucket as the origin. Direct customer requests to the CloudFront URL. Switch to CloudFront signed URLs for access control.

C.

Set up a second S3 bucket in the eu-central-1 Region with S3 Cross-Region Replication between the buckets. Direct customer requests to the closest Region. Continue to use S3 signed URLs for access control.

D.

Modify the web application to enable streaming of the datasets to end users. Configure the web application to read the data from the existing S3 bucket. Implement access control directly in the application.

Question # 33

A company has multiple AWS accounts for various departments. One of the departments wants to share an Amazon S3 bucket with all other departments. Which solution will require the LEAST amount of effort?

A.

Enable cross-account S3 replication for the bucket

B.

Create a pre-signed URL for the bucket and share it with other departments

C.

Set the S3 bucket policy to allow cross-account access to other departments

D.

Create IAM users for each of the departments and configure a read-only IAM policy

Question # 34

An application runs on Amazon EC2 instances in private subnets. The application needs to access an Amazon DynamoDB table. What is the MOST secure way to access the table while ensuring that the traffic does not leave the AWS network?

A.

Use a VPC endpoint for DynamoDB

B.

Use a NAT gateway in a public subnet

C.

Use a NAT instance in a private subnet

D.

Use the internet gateway attached to the VPC

Question # 35

A company is developing a real-time multiplayer game that uses UDP for communications between the client and servers in an Auto Scaling group. Spikes in demand are anticipated during the day, so the game server platform must adapt accordingly. Developers want to store gamer scores and other non-relational data in a database solution that will scale without intervention.

Which solution should a solutions architect recommend?

A.

Use Amazon Route 53 for traffic distribution and Amazon Aurora Serverless for data storage

B.

Use a Network Load Balancer for traffic distribution and Amazon DynamoDB on-demand for data storage

C.

Use a Network Load Balancer for traffic distribution and Amazon Aurora Global Database for data storage

D.

Use an Application Load Balancer for traffic distribution and Amazon DynamoDB global tables for data storage

Question # 36

A company is designing a shared storage solution for a gaming application that is hosted in the AWS Cloud. The company needs the ability to use SMB clients to access data. The solution must be fully managed.

Which AWS solution meets these requirements?

A.

Create an AWS DataSync task that shares the data as a mountable file system. Mount the file system to the application server.

B.

Create an Amazon EC2 Windows instance. Install and configure a Windows file share role on the instance. Connect the application server to the file share.

C.

Create an Amazon FSx for Windows File Server file system. Attach the file system to the origin server. Connect the application server to the file system.

D.

Create an Amazon S3 bucket. Assign an IAM role to the application to grant access to the S3 bucket. Mount the S3 bucket to the application server.

Question # 37

Which AWS service or feature can be used to find availability status information on all AWS services?

A.

AWS Personal Health Dashboard

B.

AWS CloudTrail

C.

AWS Service Health Dashboard

D.

Amazon CloudWatch

Question # 38

A company's web application uses an Amazon RDS PostgreSQL DB instance to store its application data. During the financial closing period at the start of every month, accountants run large queries that impact the database's performance due to high usage. The company wants to minimize the impact that the reporting activity has on the web application.

What should a solutions architect do to reduce the impact on the database with the LEAST amount of effort?

A.

Create a read replica and direct reporting traffic to the replica

B.

Create a Multi-AZ database and direct reporting traffic to the standby

C.

Create a cross-Region read replica and direct reporting traffic to the replica.

D.

Create an Amazon Redshift database and direct reporting traffic to the Amazon Redshift database

Question # 39

A company recently deployed a new auditing system to centralize information about operating system versions, patching, and installed software for Amazon EC2 instances. A solutions architect must ensure all instances provisioned through EC2 Auto Scaling groups successfully send reports to the auditing system as soon as they are launched and terminated.

Which solution achieves these goals MOST efficiently?

A.

Use a scheduled AWS Lambda function and run a script remotely on all EC2 instances to send data to the audit system.

B.

Use EC2 Auto Scaling lifecycle hooks to run a custom script to send data to the audit system when instances are launched and terminated

C.

Use an EC2 Auto Scaling launch configuration to run a custom script through user data to send data to the audit system when instances are launched and terminated

D.

Run a custom script on the instance operating system to send data to the audit system. Configure the script to be invoked by the EC2 Auto Scaling group when the instance starts and is terminated.

Question # 40

A company needs to store data from its healthcare application. The application's data frequently changes. A new regulation requires audit access at all levels of the stored data.

The company hosts the application on an on-premises infrastructure that is running out of storage capacity. A solutions architect must securely migrate the existing data to AWS while satisfying the new regulation.

Which solution will meet these requirements?

A.

Use AWS DataSync to move the existing data to Amazon S3. Use AWS CloudTrail to log data events.

B.

Use AWS Snowcone to move the existing data to Amazon S3. Use AWS CloudTrail to log management events.

C.

Use Amazon S3 Transfer Acceleration to move the existing data to Amazon S3. Use AWS CloudTrail to log data events.

D.

Use AWS Storage Gateway to move the existing data to Amazon S3. Use AWS CloudTrail to log management events.

Question # 41

A solutions architect is migrating a document management workload to AWS. The workload keeps 7 TiB of contract documents on a shared storage file system and tracks them on an external database. Most of the documents are stored and retrieved eventually for reference in the future. The application cannot be modified during the migration, and the storage solution must be highly available.

Documents are retrieved and stored by web servers that run on Amazon EC2 instances in an Auto Scaling group. The Auto Scaling group can have up to 12 instances. Which solution meets these requirements MOST cost-effectively?

A.

Provision an enhanced networking optimized EC2 instance to serve as a shared NFS storage system.

B.

Create an Amazon S3 bucket that uses the S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Mount the S3 bucket to the EC2 instances in the Auto Scaling group.

C.

Create an SFTP server endpoint by using AWS Transfer for SFTP and an Amazon S3 bucket. Configure the EC2 instances in the Auto Scaling group to connect to the SFTP server.

D.

Create an Amazon Elastic File System (Amazon EFS) file system that uses the EFS Standard-Infrequent Access (EFS Standard-IA) storage class. Mount the file system to the EC2 instances in the Auto Scaling group.

Question # 42

A company's production application runs online transaction processing (OLTP) transactions on an Amazon RDS MySQL DB instance. The company is launching a new reporting tool that will access the same data. The reporting tool must be highly available and not impact the performance of the production application.

How can this be achieved?

A.

Create hourly snapshots of the production RDS DB instance

B.

Create a Multi-AZ RDS Read Replica of the production RDS DB instance

C.

Create multiple RDS Read Replicas of the production RDS DB instance. Place the Read Replicas in an Auto Scaling group.

D.

Create a Single-AZ RDS Read Replica of the production RDS DB instance. Create a second Single-AZ RDS Read Replica from the replica.

Question # 43

A company uses AWS to run all components of its three-tier web application. The company wants to automatically detect any potential security breaches within the environment. The company wants to track any findings and notify administrators if a potential breach occurs.

Which solution meets these requirements?

A.

Set up AWS WAF to evaluate suspicious web traffic. Create AWS Lambda functions to log any findings in Amazon CloudWatch and send email notifications to administrators.

B.

Set up AWS Shield to evaluate suspicious web traffic. Create AWS Lambda functions to log any findings in Amazon CloudWatch and send email notifications to administrators.

C.

Deploy Amazon Inspector to monitor the environment and generate findings in Amazon CloudWatch. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify administrators by email.

D.

Deploy Amazon GuardDuty to monitor the environment and generate findings in Amazon CloudWatch. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to notify administrators by email.

Question # 44

A company has an API-based inventory reporting application running on Amazon EC2 instances. The application stores information in an Amazon DynamoDB table. The company's distribution centers have an on-premises shipping application that calls an API to update the inventory before printing shipping labels. The company has been experiencing application interruptions several times each day, resulting in lost transactions.

What should a solutions architect recommend to improve application resiliency?

A.

Modify the shipping application to write to a local database

B.

Modify the application APIs to run serverless using AWS Lambda

C.

Configure Amazon API Gateway to call the EC2 inventory application APIs

D.

Modify the application to send inventory updates using Amazon Simple Queue Service (Amazon SQS)

Question # 45

A company is running a multi-tier ecommerce web application in the AWS Cloud. The web application is running on Amazon EC2 instances. The database tier is on a provisioned Amazon Aurora MySQL DB cluster with a writer and a reader in a Multi-AZ environment. The new requirement for the database tier is to serve the application to achieve continuous write availability through an instance failover.

What should a solutions architect do to meet this new requirement?

A.

Add a new AWS Region to the DB cluster for multiple writes.

B.

Add a new reader in the same Availability Zone as the writer.

C.

Migrate the database tier to an Aurora multi-master cluster.

D.

Migrate the database tier to an Aurora DB cluster with parallel query enabled.

Question # 46

A company with multiple accounts and teams wants to set up a new multi-account AWS environment.

Which AWS service supports this requirement?

A.

AWS CloudFormation

B.

AWS Control Tower

C.

AWS Config

D.

Amazon Virtual Private Cloud (Amazon VPC)

Question # 47

A company hosts a three-tier web application that includes a PostgreSQL database. The database stores the metadata from documents. The company searches the metadata for key terms to retrieve documents that the company reviews in a report each month. The documents are stored in Amazon S3. The documents are usually written only once, but they are updated frequently. The reporting process takes a few hours with the use of relational queries. The reporting process must not affect any document modifications or the addition of new documents.

What are the MOST operationally efficient solutions that meet these requirements? (Select TWO.)

A.

Set up a new Amazon DocumentDB (with MongoDB compatibility) cluster that includes a read replica. Scale the read replica to generate the reports.

B.

Set up a new Amazon RDS for PostgreSQL Reserved Instance and an On-Demand read replica. Scale the read replica to generate the reports.

C.

Set up a new Amazon Aurora PostgreSQL DB cluster that includes a Reserved Instance and an Aurora Replica. Issue queries to the Aurora Replica to generate the reports.

D.

Set up a new Amazon RDS for PostgreSQL Multi-AZ Reserved Instance. Configure the reporting module to query the secondary RDS node so that the reporting module does not affect the primary node.

E.

Set up a new Amazon DynamoDB table to store the documents. Use a fixed write capacity to support new document entries. Automatically scale the read capacity to support the reports.

Question # 48

A financial services company wants to shut down two data centers and migrate more than 100 TB of data to AWS. The data has an intricate directory structure with millions of small files stored in deep hierarchies of subfolders. Most of the data is unstructured, and the company's file storage consists of SMB-based storage types from multiple vendors. The company does not want to change its applications to access the data after migration.

What should a solutions architect do to meet these requirements with the LEAST operational overhead?

A.

Use AWS Direct Connect to migrate the data to Amazon S3.

B.

Use AWS DataSync to migrate the data to Amazon FSx for Lustre

C.

Use AWS DataSync to migrate the data to Amazon FSx for Windows File Server

D.

Use AWS Direct Connect to migrate the data on-premises file storage to an AWS Storage Gateway volume gateway.

Question # 49

A company wants to use AWS Systems Manager to manage a fleet of Amazon EC2 instances. According to the company's security requirements, no EC2 instances can have internet access. A solutions architect needs to design network connectivity from the EC2 instances to Systems Manager while fulfilling this security obligation.

Which solution will meet these requirements?

A.

Deploy the EC2 instances into a private subnet with no route to the internet.

B.

Configure an interface VPC endpoint for Systems Manager. Update routes to use the endpoint.

C.

Deploy a NAT gateway into a public subnet. Configure private subnets with a default route to the NAT gateway.

D.

Deploy an internet gateway. Configure a network ACL to deny traffic to all destinations except Systems Manager.

Question # 50

An application allows users at a company's headquarters to access product data. The product data is stored in an Amazon RDS MySQL DB instance. The operations team has isolated an application performance slowdown and wants to separate read traffic from write traffic. A solutions architect needs to optimize the application's performance quickly.

What should the solutions architect recommend?

A.

Change the existing database to a Multi-AZ deployment. Serve the read requests from the primary Availability Zone.

B.

Change the existing database to a Multi-AZ deployment. Serve the read requests from the secondary Availability Zone

C.

Create read replicas for the database. Configure the read replicas with half of the compute and storage resources as the source database.

D.

Create read replicas for the database. Configure the read replicas with the same compute and storage resources as the source database.

Question # 51

A company is building its web application by using containers on AWS. The company requires three instances of the web application to run at all times. The application must be highly available and must be able to scale to meet increases in demand.

Which solution meets these requirements?

A.

Use the AWS Fargate launch type to create an Amazon Elastic Container Service (Amazon ECS) cluster. Create a task definition for the web application. Create an ECS service that has a desired count of three tasks.

B.

Use the Amazon EC2 launch type to create an Amazon Elastic Container Service (Amazon ECS) cluster that has three container instances in one Availability Zone. Create a task definition for the web application. Place one task for each container instance.

C.

Use the AWS Fargate launch type to create an Amazon Elastic Container Service (Amazon ECS) cluster that has three container instances in three different Availability Zones. Create a task definition for the web application. Create an ECS service that has a desired count of three tasks.

D.

Use the Amazon EC2 launch type to create an Amazon Elastic Container Service (Amazon ECS) cluster that has one container instance in two different Availability Zones. Create a task definition for the web application. Place two tasks on one container instance. Place one task on the remaining container instance.

Question # 52

A company is investigating potential solutions to collect, process, and store users' service usage data. The company needs to create an analytics capability so that the company can use standard SQL queries to gather operational insights quickly. The solution must be highly available. The solution also must ensure atomicity, consistency, isolation, and durability (ACID) compliance in the data tier.

Which solution meets these requirements?

A.

Use an Amazon Timestream database.

B.

Use an Amazon Neptune database in a Multi-AZ design

C.

Use a fully managed Amazon RDS for MySQL database in a Multi-AZ design

D.

Deploy PostgreSQL on an Amazon EC2 instance that uses Amazon Elastic Block Store (Amazon EBS) Throughput Optimized HDD (st1) storage

Question # 53

A solutions architect observes that a nightly batch processing job is automatically scaled up for 1 hour before the desired Amazon EC2 capacity is reached. The peak capacity is the same every night and the batch jobs always start at 1 AM. The solutions architect needs to find a cost-effective solution that will allow for the desired EC2 capacity to be reached quickly and allow the Auto Scaling group to scale down after the batch jobs are complete.

What should the solutions architect do to meet these requirements?

A.

Increase the minimum capacity for the Auto Scaling group

B.

Increase the maximum capacity for the Auto Scaling group

C.

Configure scheduled scaling to scale up to the desired compute level

D.

Change the scaling policy to add more EC2 instances during each scaling operation.

Question # 54

A company runs a shopping application that uses Amazon DynamoDB to store customer information. In case of data corruption, a solutions architect needs to design a solution that meets a recovery point objective (RPO) of 15 minutes and a recovery time objective (RTO) of 1 hour.

What should the solutions architect recommend to meet these requirements?

A.

Configure DynamoDB global tables. For RPO recovery, point the application to a different AWS Region.

B.

Configure DynamoDB point-in-time recovery. For RPO recovery, restore to the desired point in time.

C.

Export the DynamoDB data to Amazon S3 Glacier on a daily basis. For RPO recovery, import the data from S3 Glacier to DynamoDB.

D.

Schedule Amazon Elastic Block Store (Amazon EBS) snapshots for the DynamoDB table every 15 minutes. For RPO recovery, restore the DynamoDB table by using the EBS snapshot.

Question # 55

A company is running a media application in an on-premises data center and has accumulated 500 TB of data. The company needs to migrate the data from the application's existing network-attached file system to AWS. Users rarely access data that is older than 1 year.

Which solution meets these requirements MOST cost-effectively?

A.

Use AWS Snowmobile to move the data to Amazon S3. Create an S3 Lifecycle policy to transition data that is older than 1 year to S3 Glacier.

B.

Use multiple AWS Snowball Edge Storage Optimized devices to move the data to Amazon S3. Create an S3 Lifecycle policy to transition data that is older than 1 year to S3 Standard-Infrequent Access (S3 Standard-IA).

C.

Set up an AWS Direct Connect connection between the on-premises data center and AWS. Transfer the data directly to Amazon S3 by using the Direct Connect connection. Create an S3 Lifecycle policy to transition data that is older than 1 year to S3 Glacier.

D.

Set up an AWS Site-to-Site VPN connection between the on-premises data center and AWS. Transfer the data directly to Amazon S3 by using the Site-to-Site VPN connection. Create an S3 Lifecycle policy to transition data that is older than 1 year to S3 Standard-Infrequent Access (S3 Standard-IA).

Question # 56

A company is creating an architecture for a mobile app that requires minimal latency for its users. The company's architecture consists of Amazon EC2 instances behind an Application Load Balancer running in an Auto Scaling group. The EC2 instances connect to Amazon RDS. Application beta testing showed there was a slowdown when reading the data. However, the metrics indicate that the EC2 instances do not cross any CPU utilization thresholds.

How can this issue be addressed?

A.

Reduce the threshold for CPU utilization in the Auto Scaling group

B.

Replace the Application Load Balancer with a Network Load Balancer.

C.

Add read replicas for the RDS instances and direct read traffic to the replica

D.

Add Multi-AZ support to the RDS instances and direct read traffic to the new EC2 instance

Question # 57

A solutions architect must transfer 750 TB of data from an on-premises network-attached file system to Amazon S3 Glacier. The migration must not saturate the on-premises 10 Mbps internet connection.

Which solution will meet these requirements?

A.

Create an AWS Site-to-Site VPN tunnel to an S3 bucket. Transfer the files directly by using the AWS CLI.

B.

Order 10 AWS Snowball Edge Storage Optimized devices, and select an S3 Glacier vault as the destination.

C.

Mount the network-attached file system to an S3 bucket, and copy the files directly. Create an S3 Lifecycle policy to transition the S3 objects to S3 Glacier.

D.

Order 10 AWS Snowball Edge Storage Optimized devices, and select an S3 bucket as the destination. Create an S3 Lifecycle policy to transition the S3 objects to S3 Glacier.

Question # 58

An administrator of a large company wants to monitor for and prevent any cryptocurrency-related attacks on the company's AWS accounts. Which AWS service can the administrator use to protect the company against attacks?

A.

Amazon Cognito

B.

Amazon GuardDuty

C.

Amazon Inspector

D.

Amazon Macie

Question # 59

A solutions architect must create a highly available bastion host architecture. The solution needs to be resilient within a single AWS Region and should require only minimal effort to maintain.

What should the solutions architect do to meet these requirements?

A.

Create a Network Load Balancer backed by an Auto Scaling group with a UDP listener.

B.

Create a Network Load Balancer backed by a Spot Fleet with instances in a partition placement group.

C.

Create a Network Load Balancer backed by the existing servers in different Availability Zones as the target.

D.

Create a Network Load Balancer backed by an Auto Scaling group with instances in multiple Availability Zones as the target

Question # 60

An ecommerce company is creating an application that requires a connection to a third-party payment service to process payments. The payment service needs to explicitly allow the public IP address of the server that is making the payment request. However, the company's security policies do not allow any server to be exposed directly to the public internet.

Which solution will meet these requirements?

A.

Provision an Elastic IP address. Host the application servers on Amazon EC2 instances in a private subnet. Assign the public IP address to the application servers.

B.

Create a NAT gateway in a public subnet. Host the application servers on Amazon EC2 instances in a private subnet. Route payment requests through the NAT gateway.

C.

Deploy an Application Load Balancer (ALB). Host the application servers on Amazon EC2 instances in a private subnet. Route the payment requests through the ALB.

D.

Set up an AWS Client VPN connection to the payment service. Host the application servers on Amazon EC2 instances in a private subnet. Route the payment requests through the VPN.

Question # 61

A company's website runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The website has a mix of dynamic and static content. Users around the globe are reporting that the website is slow.

Which set of actions will improve website performance for users worldwide?

A.

Create an Amazon CloudFront distribution and configure the ALB as an origin. Then update the Amazon Route 53 record to point to the CloudFront distribution

B.

Create a latency-based Amazon Route 53 record for the ALB. Then launch new EC2 instances with larger instance sizes and register the instances with the ALB

C.

Launch new EC2 instances hosting the same web application in different Regions closer to the users. Then register the instances with the same ALB using cross-Region VPC peering.

D.

Host the website in an Amazon S3 bucket in the Regions closest to the users and delete the ALB and EC2 instances. Then update an Amazon Route 53 record to point to the S3 buckets.

Question # 62

A company hosts historical weather records in Amazon S3. The records are downloaded from the company's website by way of a URL that resolves to a domain name. Users all over the world access this content through subscriptions. A third-party provider hosts the company's root domain name, but the company recently migrated some of its services to Amazon Route 53. The company wants to consolidate contracts, reduce latency for users, and reduce costs related to serving the application to subscribers.

Which solution meets these requirements?

A.

Create a web distribution on Amazon CloudFront to serve the S3 content for the application. Create a CNAME record in a Route 53 hosted zone that points to the CloudFront distribution, resolving to the application's URL domain name.

B.

Create a web distribution on Amazon CloudFront to serve the S3 content for the application. Create an ALIAS record in the Amazon Route 53 hosted zone that points to the CloudFront distribution, resolving to the application's URL domain name.

C.

Create an A record in a Route 53 hosted zone for the application. Create a Route 53 traffic policy for the web application, and configure a geolocation rule. Configure health checks to check the health of the endpoint and route DNS queries to other endpoints if an endpoint is unhealthy.

D.

Create an A record in a Route 53 hosted zone for the application. Create a Route 53 traffic policy for the web application, and configure a geoproximity rule. Configure health checks to check the health of the endpoint and route DNS queries to other endpoints if an endpoint is unhealthy

Question # 63

A healthcare computer stores highly sensitive records. Compliance requires that multiple copies be stored in different locations. Each record must be stored for 7 years. The company has a service level agreement (SLA) to provide records to government agencies immediately for the first 30 days and then within 4 hours of a request thereafter.

What should a solutions architect recommend?

A.

Use Amazon S3 with cross-Region replication enabled. After 30 days, transition the data to Amazon S3 Glacier using a lifecycle policy.

B.

Use Amazon S3 with cross-origin resource sharing (CORS) enabled. After 30 days, transition the data to Amazon S3 Glacier using a lifecycle policy.

C.

Use Amazon S3 with cross-origin replication enabled. After 30 days, transition the data to Amazon S3 Glacier Deep Archive using a lifecycle policy.

D.

Use Amazon S3 with cross-origin resource sharing (CORS) enabled. After 30 days, transition the data to Amazon S3 Glacier Deep Archive using a lifecycle policy.

Question # 64

A company captures ordered clickstream data from multiple websites and uses batch processing to analyze the data. The company receives 100 million event records, all approximately 1 KB in size, each day. The company loads the data into Amazon Redshift each night, and business analysts consume the data.

The company wants to move toward near-real-time data processing for timely insights. The solution should process the streaming data while requiring the least possible operational overhead.

Which combination of AWS services will meet these requirements MOST cost-effectively? (Select TWO.)

A.

Amazon EC2

B.

AWS Batch

C.

Amazon Simple Queue Service (Amazon SQS)

D.

Amazon Kinesis Data Firehose

E.

Amazon Kinesis Data Analytics

Question # 65

A company has three VPCs named Development, Testing and Production in the us-east-1 Region. The three VPCs need to be connected to an on-premises data center and are designed to be separate to maintain security and prevent any resource sharing. A solutions architect needs to find a scalable and secure solution.

What should the solutions architect recommend?

A.

Create an AWS Direct Connect connection and a VPN connection for each VPC to connect back to the data center.

B.

Create VPC peers from all the VPCs to the Production VPC. Use an AWS Direct Connect connection from the Production VPC back to the data center.

C.

Connect VPN connections from all the VPCs to a VPN in the Production VPC. Use a VPN connection from the Production VPC back to the data center

D.

Create a new VPC called Network. Within the Network VPC, create an AWS Transit Gateway with an AWS Direct Connect connection back to the data center. Attach all the other VPCs to the Network VPC.

Question # 66

A company has created a multi-tier application for its ecommerce website. The website uses an Application Load Balancer that resides in the public subnets, a web tier in the public subnets, and a MySQL cluster hosted on Amazon EC2 instances in the private subnets. The MySQL database needs to retrieve product catalog and pricing information that is hosted on the internet by a third-party provider. A solutions architect must devise a strategy that maximizes security without increasing operational overhead.

What should the solutions architect do to meet these requirements?

A.

Deploy a NAT instance in the VPC. Route all the internet-based traffic through the NAT instance.

B.

Deploy a NAT gateway in the public subnets. Modify the private subnet route table to direct all internet-bound traffic to the NAT gateway.

C.

Configure an internet gateway and attach it to the VPC. Modify the private subnet route table to direct internet-bound traffic to the internet gateway.

D.

Configure a virtual private gateway and attach it to the VPC. Modify the private subnet route table to direct internet-bound traffic to the virtual private gateway.

Question # 67

A company is running an application on Amazon EC2 instances. Traffic to the workload increases substantially during business hours and decreases afterward. The CPU utilization of an EC2 instance is a strong indicator of end-user demand on the application. The company has configured an Auto Scaling group to have a minimum group size of 2 EC2 instances and a maximum group size of 10 EC2 instances.

The company is concerned that the current scaling policy that is associated with the Auto Scaling group might not be correct. The company must avoid over-provisioning EC2 instances and incurring unnecessary costs.

What should a solutions architect recommend to meet these requirements?

A.

Configure Amazon EC2 Auto Scaling to use a scheduled scaling plan and launch an additional 8 EC2 instances during business hours.

B.

Configure AWS Auto Scaling to use a scaling plan that enables predictive scaling. Configure predictive scaling with a scaling mode of forecast and scale, and to enforce the maximum capacity setting during scaling.

C.

Configure a step scaling policy to add 4 EC2 instances at 50% CPU utilization and add another 4 EC2 instances at 90% CPU utilization. Configure scale-in policies to perform the reverse and remove EC2 instances based on the two values.

D.

Configure AWS Auto Scaling to have a desired capacity of 5 EC2 instances, and disable any existing scaling policies. Monitor the CPU utilization metric for 1 week. Then create dynamic scaling policies that are based on the observed values.

Question # 68

A company is running a multi-tier web application on premises. The web application is containerized and runs on a number of Linux hosts connected to a PostgreSQL database that contains user records. The operational overhead of maintaining the infrastructure and capacity planning is limiting the company's growth. A solutions architect must improve the application's infrastructure.

Which combination of actions should the solutions architect take to accomplish this? (Select TWO.)

A.

Migrate the PostgreSQL database to Amazon Aurora

B.

Migrate the web application to be hosted on Amazon EC2 instances.

C.

Set up an Amazon CloudFront distribution for the web application content.

D.

Set up Amazon ElastiCache between the web application and the PostgreSQL database.

E.

Migrate the web application to be hosted on AWS Fargate with Amazon Elastic Container Service (Amazon ECS).

Question # 69

A company has a custom application running on an Amazon EC2 instance that:

• Reads a large amount of data from Amazon S3

• Performs a multi-stage analysis

• Writes the results to Amazon DynamoDB

The application writes a significant number of large, temporary files during the multi-stage analysis. The process performance depends on the temporary storage performance. What would be the fastest storage option for holding the temporary files?

A.

Multiple Amazon S3 buckets with Transfer Acceleration for storage

B.

Multiple Amazon EBS drives with Provisioned IOPS and EBS optimization

C.

Multiple Amazon EFS volumes using the Network File System version 4.1 (NFSv4.1) protocol

D.

Multiple instance store volumes with software RAID 0.

Question # 70

A company's legacy application is currently relying on a single-instance Amazon RDS MySQL database without encryption. Due to new compliance requirements, all existing and new data in this database must be encrypted.

How should this be accomplished?

A.

Create an Amazon S3 bucket with server-side encryption enabled. Move all the data to Amazon S3. Delete the RDS instance.

B.

Enable RDS Multi-AZ mode with encryption at rest enabled. Perform a failover to the standby instance to delete the original instance

C.

Take a snapshot of the RDS instance. Create an encrypted copy of the snapshot. Restore the RDS instance from the encrypted snapshot.

D.

Create an RDS read replica with encryption at rest enabled. Promote the read replica to master and switch the application over to the new master. Delete the old RDS instance.

Question # 71

A company uses a payment processing system that requires messages for a particular payment ID to be received in the same order that they were sent. Otherwise, the payments might be processed incorrectly.

Which actions should a solutions architect take to meet this requirement? (Select TWO.)

A.

Write the messages to an Amazon DynamoDB table with the payment ID as the partition key

B.

Write the messages to an Amazon Kinesis data stream with the payment ID as the partition key.

C.

Write the messages to an Amazon ElastiCache for Memcached cluster with the payment ID as the key

D.

Write the messages to an Amazon Simple Queue Service (Amazon SQS) queue. Set the message attribute to use the payment ID.

E.

Write the messages to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Set the message group to use the payment ID.

Question # 72

A company has deployed a multiplayer game for mobile devices. The game requires live location tracking of players based on latitude and longitude. The data store for the game must support rapid updates and retrieval of locations.

The game uses an Amazon RDS for PostgreSQL DB instance with read replicas to store the location data. During peak usage periods, the database is unable to maintain the performance that is needed for reading and writing updates. The game's user base is increasing rapidly.

What should a solutions architect do to improve the performance of the data tier?

A.

Take a snapshot of the existing DB instance. Restore the snapshot with Multi-AZ enabled.

B.

Migrate from Amazon RDS to Amazon Elasticsearch Service (Amazon ES) with Kibana.

C.

Deploy Amazon DynamoDB Accelerator (DAX) in front of the existing DB instance. Modify the game to use DAX.

D.

Deploy an Amazon ElastiCache for Redis cluster in front of the existing DB instance. Modify the game to use Redis.

Question # 73

A solutions architect is designing a security solution for a company that wants to provide developers with individual AWS accounts through AWS Organizations, while also maintaining standard security controls. Because the individual developers will have AWS account root user-level access to their own accounts, the solutions architect wants to ensure that the mandatory AWS CloudTrail configuration that is applied to new developer accounts is not modified.

Which action meets these requirements?

A.

Create an IAM policy that prohibits changes to CloudTrail, and attach it to the root user

B.

Create a new trail in CloudTrail from within the developer accounts with the organization trails option enabled.

C.

Create a service control policy (SCP) that prohibits changes to CloudTrail, and attach it to the developer accounts.

D.

Create a service-linked role for CloudTrail with a policy condition that allows changes only from an Amazon Resource Name (ARN) in the master account

Question # 74

A company has a customer relationship management (CRM) application that stores data in an Amazon RDS DB instance that runs Microsoft SQL Server. The company's IT staff has administrative access to the database. The database contains sensitive data. The company wants to ensure that the data is not accessible to the IT staff and that only authorized personnel can view the data.

What should a solutions architect do to secure the data?

A.

Use client-side encryption with an Amazon RDS managed key.

B.

Use client-side encryption with an AWS Key Management Service (AWS KMS) customer managed key.

C.

Use Amazon RDS encryption with an AWS Key Management Service (AWS KMS) default encryption key.

D.

Use Amazon RDS encryption with an AWS Key Management Service (AWS KMS) customer managed key.
